errors: &'static str -> String

src/crypto/certificate_pool.rs

@@ -61,7 +61,7 @@ impl<'a> CertificatePool<'a> {
         let cert_pem = pem::parse(cert_pem)?;
         if cert_pem.tag() != "CERTIFICATE" {
             return Err(SigstoreError::CertificatePoolError(
-                "PEM file is not a certificate",
+                "PEM file is not a certificate".into(),
             ));
         }
 

src/errors.rs

@@ -53,7 +53,7 @@ pub enum SigstoreError {
     InvalidKeyFormat { error: String },
 
     #[error("Unable to parse identity token: {0}")]
-    IdentityTokenError(&'static str),
+    IdentityTokenError(String),
 
     #[error("unmatched key type {key_typ} and signing scheme {scheme}")]
     UnmatchedKeyAndSigningScheme { key_typ: String, scheme: String },
@@ -107,13 +107,13 @@ pub enum SigstoreError {
     CertificateWithIncompleteSubjectAlternativeName,
 
     #[error("Certificate pool error: {0}")]
-    CertificatePoolError(&'static str),
+    CertificatePoolError(String),
 
     #[error("Signing session expired")]
     ExpiredSigningSession(),
 
     #[error("Fulcio request unsuccessful: {0}")]
-    FulcioClientError(&'static str),
+    FulcioClientError(String),
 
     #[error("Cannot fetch manifest of {image}: {error}")]
     RegistryFetchManifestError { image: String, error: String },
@@ -130,6 +130,9 @@ pub enum SigstoreError {
     #[error("Rekor request unsuccessful: {0}")]
     RekorClientError(String),
 
+    #[error(transparent)]
+    JoinError(#[from] tokio::task::JoinError),
+
     #[cfg(feature = "sign")]
     #[error(transparent)]
     ReqwestError(#[from] reqwest::Error),
@@ -166,7 +169,7 @@ pub enum SigstoreError {
     TufTargetNotFoundError(String),
 
     #[error("{0}")]
-    TufMetadataError(&'static str),
+    TufMetadataError(String),
 
     #[error(transparent)]
     IOError(#[from] std::io::Error),

src/oauth/token.rs

@@ -65,22 +65,22 @@ impl TryFrom<&str> for IdentityToken {
     type Error = SigstoreError;
 
     fn try_from(value: &str) -> Result<Self, Self::Error> {
-        let parts: [&str; 3] = value
-            .split('.')
-            .collect::<Vec<_>>()
-            .try_into()
-            .or(Err(SigstoreError::IdentityTokenError("Malformed JWT")))?;
+        let parts: [&str; 3] = value.split('.').collect::<Vec<_>>().try_into().or(Err(
+            SigstoreError::IdentityTokenError("Malformed JWT".into()),
+        ))?;
 
         let claims = base64
             .decode(parts[1])
             .or(Err(SigstoreError::IdentityTokenError(
-                "Malformed JWT: Unable to decode claims",
+                "Malformed JWT: Unable to decode claims".into(),
             )))?;
         let claims: Claims = serde_json::from_slice(&claims).or(Err(
-            SigstoreError::IdentityTokenError("Malformed JWT: claims JSON malformed"),
+            SigstoreError::IdentityTokenError("Malformed JWT: claims JSON malformed".into()),
         ))?;
         if claims.aud != "sigstore" {
-            return Err(SigstoreError::IdentityTokenError("Not a Sigstore JWT"));
+            return Err(SigstoreError::IdentityTokenError(
+                "Not a Sigstore JWT".into(),
+            ));
         }
 
         Ok(IdentityToken {

src/tuf/mod.rs

@@ -195,7 +195,7 @@ impl Repository for SigstoreRepository {
 
         if certs.is_empty() {
             Err(SigstoreError::TufMetadataError(
-                "Fulcio certificates not found",
+                "Fulcio certificates not found".into(),
             ))
         } else {
             Ok(certs)
@@ -215,7 +215,7 @@ impl Repository for SigstoreRepository {
 
         if keys.len() != 1 {
             Err(SigstoreError::TufMetadataError(
-                "Did not find exactly 1 active Rekor key",
+                "Did not find exactly 1 active Rekor key".into(),
             ))
         } else {
             Ok(keys)